It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.Topics covered include:Preventing cross-site scripting (XSS) vulnerabilitiesProtecting against SQL injection attacksComplicating session hijacking attemptsYou are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

    Building on two widely acclaimed previous editions, Craig Larman has updated this book to fully reflect the new UML 2 standard, to help you master the art of object design, and to promote high-impact, iterative, and skillful agile modeling practices.Developers and students will learn object-oriented analysis and design (OOA/D) through three iterations of two cohesive, start-to-finish case studies. These case studies incrementally introduce key skills, essential OO principles and patterns, UML notation, and best practices. You won’t just learn UML diagrams - you’ll learn how to apply UML in the context of OO software development.Drawing on his unsurpassed experience as a mentor and consultant, Larman helps you understand evolutionary requirements and use cases, domain object modeling, responsibility-driven design, essential OO design, layered architectures, “Gang of Four” design patterns, GRASP, iterative methods, an agile approach to the Unified Process (UP), and much more. This edition’s extensive improvements include:- A stronger focus on helping you master OOA/D through case studies that demonstrate key OO principles and patterns, while also applying the UML- New coverage of UML 2, Agile Modeling, Test-Driven Development, and refactoring- Many new tips on combining iterative and evolutionary development with OOA/D- Updates for easier study, including new learning aids and graphics- New college educator teaching resources- Guidance on applying the UP in a light, agile spirit, complementary with other iterative methods such as XP and Scrum- Techniques for applying the UML to documenting architectures- A new chapter on evolutionary requirements, and much moreApplying UML and Patterns, Third Edition, is a lucid and practical introduction to thinking and designing with objects - and creating systems that are well crafted, robust, and maintainable.

    The widespread adoption of agile methods has brought the need for effective testing into the limelight, and agile projects have transformed the role of testers. Much of a tester's function, however, remains largely misunderstood. What is the true role of a tester? Do agile teams actually need members with QA backgrounds? What does it really mean to be an "agile tester?"Two of the industry's most experienced agile testing practitioners and consultants, Lisa Crispin and Janet Gregory, have teamed up to bring you the definitive answers to these questions and many others. In Agile Testing, Crispin and Gregory define agile testing and illustrate the tester's role with examples from real agile teams. They teach you how to use the agile testing quadrants to identify what testing is needed, who should do it, and what tools might help. The book chronicles an agile software development iteration from the viewpoint of a tester and explains the seven key success factors of agile testing.Readers will come away from this book understanding- How to get testers engaged in agile development- Where testers and QA managers fit on an agile team- What to look for when hiring an agile tester- How to transition from a traditional cycle to agile development- How to complete testing activities in short iterations- How to use tests to successfully guide development- How to overcome barriers to test automationThis book is a must for agile testers, agile teams, their managers, and their customers.

    What has been missing from the agile literature is a solid, practical book on the specifics of developing large projects in an agile way. Dean Leffingwell's book Scaling Software Agility fills this gap admirably. It offers a practical guide to large project issues such as architecture, requirements development, multi-level release planning, and team organization. Leffingwell's book is a necessary guide for large projects and large organizations making the transition to agile development." -Jim Highsmith, director, Agile Practice, Cutter Consortium, author of Agile Project Management "There's tension between building software fast and delivering software that lasts, between being ultra-responsive to changes in the market and maintaining a degree of stability. In his latest work, Scaling Software Agility, Dean Leffingwell shows how to achieve a pragmatic balance among these forces. Leffingwell's observations of the problem, his advice on the solution, and his description of the resulting best practices come from experience: he's been there, done that, and has seen what's worked." -Grady Booch, IBM Fellow Agile development practices, while still controversial in some circles, offer undeniable benefits: faster time to market, better responsiveness to changing customer requirements, and higher quality. However, agile practices have been defined and recommended primarily to small teams. In Scaling Software Agility, Dean Leffingwell describes how agile methods can be applied to enterprise-class development. Part I provides an overview of the most common and effective agile methods. Part II describes seven best practices of agility that natively scale to the enterprise level. Part III describes an additional set of seven organizational capabilities that companies can master to achieve the full benefits of software agility on an enterprise scale. This book is invaluable to software developers, testers and QA personnel, managers and team leads, as well as to executives of software organizations whose objective is to increase the quality and productivity of the software development process but who are faced with all the challenges of developing software on an enterprise scale. Foreword Preface Acknowledgments About the Author Part I: Overview of Software Agility Chapter 1: Introduction to Agile Methods Chapter 2: Why the Waterfall Model Doesn't Work Chapter 3: The Essence of XP Chapter 4: The Essence of Scrum Chapter 5: The Essence of RUP Chapter 6: Lean Software, DSDM, and FDD Chapter 7: The Essence of Agile Chapter 8: The Challenge of Scaling Agile Part II: Seven Agile Team Practices That Scale Chapter 9: The Define/Build/Test Component Team Chapter 10: Two Levels of Planning and Tracking Chapter 11: Mastering the Iteration Chapter 12: Smaller, More Frequent Releases Chapter 13: Concurrent Testing Chapter 14: Continuous Integration Chapter 15: Regular Reflection and Adaptation Part III: Creating the Agile Enterprise Chapter 16: Intentional Architecture Chapter 17: Lean Requirements at Scale: Vision, Roadmap, and Just-in-Time Elaboration Chapter 18: Systems of Systems and the Agile Release Train Chapter 19: Managing Highly Distributed Development Chapter 20: Impact on Customers and Operations Chapter 21: Changing the Organization Chapter 22: Measuring Business Performance Conclusion: Agility Works at Scale Bibliography Index

     Coauthored by the designer of the Scala language, this authoritative book will teach you, one step at a time, the Scala language and the ideas behind it. The book is carefully crafted to help you learn. The first few chapters will give you enough of the basics that you can already start using Scala for simple tasks. The entire book is organized so that each new concept builds on concepts that came before - a series of steps that promises to help you master the Scala language and the important ideas about programming that Scala embodies. A comprehensive tutorial and reference for Scala, this book covers the entire language and important libraries.

    Find out how the Swedish police combined XP, Scrum, and Kanban in a 60-person project. From start to finish, you'll see how to deliver a successful product using Lean principles. We start with an organization in desperate need of a new way of doing things and finish with a group of sixty, all working in sync to develop a scalable, complex system. You'll walk through the project step by step, from customer engagement, to the daily "cocktail party," version control, bug tracking, and release. In this honest look at what works--and what doesn't--you'll find out how to: Make quality everyone's business, not just the testers. Keep everyone moving in the same direction without micromanagement. Use simple and powerful metrics to aid in planning and process improvement. Balance between low-level feature focus and high-level system focus. You'll be ready to jump into the trenches and streamline your own development process.ContentsForewordPrefacePART I: HOW WE WORK1. About the Project1.1 Timeline 51.2 How We Sliced the Elephant 61.3 How We Involved the Customer 72. Structuring the Teams3. Attending the Daily Cocktail Party3.1 First Tier: Feature Team Daily Stand-up3.2 Second Tier: Sync Meetings per Specialty3.3 Third Tier: Project Sync Meeting4. The Project Board4.1 Our Cadences4.2 How We Handle Urgent Issues and Impediments5. Scaling the Kanban Boards6. Tracking the High-Level Goal7. Defining Ready and Done7.1 Ready for Development7.2 Ready for System Test7.3 How This Improved Collaboration 8. Handling Tech Stories8.1 Example 1: System Test Bottleneck8.2 Example 2: Day Before the Release8.3 Example 3: The 7-Meter Class9. Handling Bugs9.1 Continuous System Test9.2 Fix the Bugs Immediately9.3 Why We Limit the Number of Bugs in the Bug Tracker9.4 Visualizing Bugs9.5 Preventing Recurring Bugs10. Continuously Improving the Process10.1 Team Retrospectives10.2 Process Improvement Workshops10.3 Managing the Rate of Change11. Managing Work in Progress11.1 Using WIP Limits11.2 Why WIP Limits Apply Only to Features12. Capturing and Using Process Metrics12.1 Velocity (Features per Week)12.2 Why We Don’t Use Story Points12.3 Cycle Time (Weeks per Feature)12.4 Cumulative Flow12.5 Process Cycle Efficiency13. Planning the Sprint and Release13.1 Backlog Grooming13.2 Selecting the Top Ten Features13.3 Why We Moved Backlog Grooming Out of the Sprint Planning Meeting13.4 Planning the Release14. How We Do Version Control14.1 No Junk on the Trunk14.2 Team Branches14.3 System Test Branch15. Why We Use Only Physical Kanban Boards16. What We Learned16.1 Know Your Goal16.2 Experiment16.3 Embrace Failure16.4 Solve Real Problems16.5 Have Dedicated Change Agents16.6 Involve PeoplePART II: A CLOSER LOOK AT THE TECHNIQUES 17. Agile and Lean in a Nutshell17.1 Agile in a Nutshell17.2 Lean in a Nutshell17.3 Scrum in a Nutshell17.4 XP in a Nutshell17.5 Kanban in a Nutshell18. Reducing the Test Automation Backlog18.1 What to Do About It18.2 How to Improve Test Coverage a Little Bit Each Iteration18.3 Step 1: List Your Test Cases18.4 Step 2: Classify Each Test18.5 Step 3: Sort the List in Priority Order18.6 Step 4: Automate a Few Tests Each Iteration18.7 Does This Solve the Problem?19. Sizing the Backlog with Planning Poker19.1 Estimating Without Planning Poker19.2 Estimating with Planning Poker19.3 Special Cards20. Cause-Effect Diagrams20.1 Solve Problems, Not Symptoms20.2 The Lean Problem-Solving Approach: A3 Thinking20.3 How to Use Cause-Effect Diagrams20.4 Example 1: Long Release Cycle20.5 Example 2: Defects Released to Production20.6 Example 3: Lack of Pair Programming20.7 Example 4: Lots of Problems20.8 Practical Issues: How to Create and Maintain the Diagrams20.9 Pitfalls20.10 Why Use Cause-Effect Diagrams?21. Final WordsA1. Glossary: How We Avoid Buzzword BingoIndex

    But it can be even trickier to use than either Unix or Linux, and harder still to master.Absolute FreeBSD, 2nd Edition is your complete guide to FreeBSD, written by FreeBSD committer Michael W. Lucas. Lucas considers this completely revised and rewritten second edition of his landmark work to be his best work ever; a true product of his love for FreeBSD and the support of the FreeBSD community. Absolute FreeBSD, 2nd Edition covers installation, networking, security, network services, system performance, kernel tweaking, filesystems, SMP, upgrading, crash debugging, and much more, including coverage of how to:Use advanced security features like packet filtering, virtual machines, and host-based intrusion detection Build custom live FreeBSD CDs and bootable flash Manage network services and filesystems Use DNS and set up email, IMAP, web, and FTP services for both servers and clients Monitor your system with performance-testing and troubleshooting tools Run diskless systems Manage schedulers, remap shared libraries, and optimize your system for your hardware and your workload Build custom network appliances with embedded FreeBSD Implement redundant disks, even without special hardware Integrate FreeBSD-specific SNMP into your network management system. Whether you're just getting started with FreeBSD or you've been using it for years, you'll find this book to be the definitive guide to FreeBSD that you've been waiting for.

    Apache: The Definitive Guide, written and reviewed by key members of the Apache Group, is the only complete guide on the market today that describes how to obtain, set up, and secure the Apache software.Apache was originally based on code and ideas found in the most popular HTTP server of the time: NCSA httpd 1.3 (early 1995). It has since evolved into a far superior system that can rival (and probably surpass) almost any other Unix-based HTTP server in terms of functionality, efficiency, and speed. The new version now includes support for Win32 systems. This new second edition of Apache: The Definitive Guide fully describes Windows support and all the other Apache 1.3 features. Contents include:The history of the Apache Group Obtaining and compiling the server Configuring and running Apache on Unix and Windows, including such topics as directory structures, virtual hosts, and CGI programming The Apache 1.3 Module API Apache security A complete list of configuration directives With Apache: The Definitive Guide, web administrators new to Apache can get up to speed more quickly than ever before by working through the tutorial demo. Experienced administrators and CGI programmers, and web administrators moving from Unix to Windows, will find the reference sections indispensable. Apache: The Definitive Guide is the definitive documentation for the world's most popular web server. Includes CD-ROM with Apache manuals and demo sites discussed in the book.

    In User Stories Applied, Mike Cohn provides you with a front-to-back blueprint for writing these user stories and weaving them into your development lifecycle.You'll learn what makes a great user story, and what makes a bad one. You'll discover practical ways to gather user stories, even when you can't speak with your users. Then, once you've compiled your user stories, Cohn shows how to organize them, prioritize them, and use them for planning, management, and testing.User role modeling: understanding what users have in common, and where they differ Gathering stories: user interviewing, questionnaires, observation, and workshops Working with managers, trainers, salespeople and other proxies Writing user stories for acceptance testing Using stories to prioritize, set schedules, and estimate release costs Includes end-of-chapter practice questions and exercises User Stories Applied will be invaluable to every software developer, tester, analyst, and manager working with any agile method: XP, Scrum... or even your own home-grown approach.

    Many examples are taken from real-world projects. The book focuses on high-level design as well as the gritty details of the Python syntax. The provided exercises inspire the reader to think about his or her own code, rather than providing solved problems. If you're new to Object Oriented Programming techniques, or if you have basic Python skills and wish to learn in depth how and when to correctly apply Object Oriented Programming in Python, this is the book for you. If you are an object-oriented programmer for other languages, you too will find this book a useful introduction to Python, as it uses terminology you are already familiar with. Python 2 programmers seeking a leg up in the new world of Python 3 will also find the book beneficial, and you need not necessarily know Python 2.

    For SQL programmers, analysts, and database administrators, the new second edition of SQL in a Nutshell is the essential date language reference for the world's top SQL database products. SQL in a Nutshell is a lean, focused, and thoroughly comprehensive reference for those who live in a deadline-driven world.This invaluable desktop quick reference drills down and documents every SQL command and how to use it in both commercial (Oracle, DB2, and Microsoft SQL Server) and open source implementations (PostgreSQL, and MySQL). It describes every command and reference and includes the command syntax (by vendor, if the syntax differs across implementations), a clear description, and practical examples that illustrate important concepts and uses. And it also explains how the leading commercial and open sources database product implement SQL. This wealth of information is packed into a succinct, comprehensive, and extraordinarily easy-to-use format that covers the SQL syntax of no less than 4 different databases.When you need fast, accurate, detailed, and up-to-date SQL information, SQL in a Nutshell, Second Edition will be the quick reference you'll reach for every time. SQL in a Nutshell is small enough to keep by your keyboard, and concise (as well as clearly organized) enough that you can look up the syntax you need quickly without having to wade through a lot of useless fluff. You won't want to work on a project involving SQL without it.

    Whether you're new to Java programming and need something to bridge the gap between theory-laden reference manuals and real-world programs or you're a seasoned Java programmer looking for a new perspective or a different problem-solving context, this book will help you make the most of your Java knowledge. Packed with hundreds of tried-and-true Java recipes covering all of the major APIs from the 1.4 version of Java, this book also offers significant first-look recipes for the most important features of the new 1.5 version, which is in beta release. You get practical solutions to everyday problems, and each is followed by a detailed, ultimately useful explanation of how and why the technology works. Java Cookbook, 2nd Edition includes code segments covering many specialized APIs--like those for working with Struts, Ant and other new popular Open Source tools. It also includes expanded Mac OS X Panther coverage and serves as a great launching point for Java developers who want to get started in areas outside of their specialization. In this major revision, you'll find succinct pieces of code that can be easily incorporated into other programs. Focusing on what's useful or tricky--or what's useful and tricky--Java Cookbook, 2nd Edition is the most practical Java programming book on the market.

    Due to their monopoly position in web browsers, and the fact web browsers have spread from PCs to phones, tablets and TVs; their status will continue to grow and grow. Despite their success, many software engineers are apprehensive about JavaScript and HTML. This apprehensiveness is not completely unfounded; both JavaScript and HTML were rushed in their early years, and driven by commercial rather than engineering interests. As a result, many dubious features crept into these languages. Due to backwards compatibility concerns, most of these features still remain. In addition, many software engineers have used these languages without ever learning them. JavaScript and HTML have low barriers to entry, and this, along with their similarity to other languages, led many software engineers to conclude that there really was nothing much to learn. If you have not used JavaScript and HTML for a number of years, or if you are a programmer or software engineer using other languages, you may be surprised at what they now offer. Browser based web applications are now capable of matching or exceeding the sophistication and scale of traditional desktop applications. In order to create complex web applications however, it is essential to learn these languages. This book takes the point of view that once you have a strong grasp of the fundamentals, the details will take care of themselves. It will not present you with long lists of APIs, or intricate details of every attribute, these can be found in reference manuals. It will focus on the details of each language that are fundamental to understanding how they work. This book will guide you through the process of developing a web application using HTML5, Javascript, jQuery and CSS. It contains the following content: 1. An introduction to the HTML5 markup language, and how it differs from HTML4 and XHTML. 2. An introduction to JavaScript, including an in-depth look at its use of objects and functions, along with the design patterns that support the development of robust web applications. 3. An introduction to jQuery selection, traversal, manipulation and events. 4. An in-depth look at the Web storage and IndexedDB APIs for client side data storage. 5. A guide to implementing offline web applications with the Application Cache API. 6. An introduction to the ways JavaScript can interact with the users file-system using the FileReader API. 7. The use of Web Workers in a web application to execute algorithms on background threads. 8. An introduction to AJAX, and the jQuery API supporting AJAX. 9. An introduction to Server Sent Events and Web Sockets. All subjects are introduced in the context of a sample web application. This book is intended for anyone with at least a superficial knowledge of HTML and programming.

    This book draws on material Michael created for his renowned Object Mentor seminars, techniques Michael has used in mentoring to help hundreds of developers, technical managers, and testers bring their legacy systems under control. The topics covered include: Understanding the mechanics of software change, adding features, fixing bugs, improving design, optimizing performance Getting legacy code into a test harness Writing tests that protect you against introducing new problems Techniques that can be used with any language or platform, with examples in Java, C++, C, and C# Accurately identifying where code changes need to be made Coping with legacy systems that aren't object-oriented Handling applications that don't seem to have any structureThis book also includes a catalog of twenty-four dependency-breaking techniques that help you work with program elements in isolation and make safer changes.

    But this high-level language is relatively difficult to master, even if you already know the C programming language.The 2nd edition of Practical C++ Programming is a complete introduction to the C++ language for programmers who are learning C++. Reflecting the latest changes to the C++ standard, this 2nd edition takes a useful down-to-earth approach, placing a strong emphasis on how to design clean, elegant code.In short, to-the-point chapters, all aspects of programming are covered including style, software engineering, programming design, object-oriented design, and debugging. It also covers common mistakes and how to find (and avoid) them. End of chapter exercises help you ensure you've mastered the material.Practical C++ Programming thoroughly covers: C++ Syntax Coding standards and style Creation and use of object classes Templates Debugging and optimization Use of the C++ preprocessor File input/output Steve Oualline's clear, easy-going writing style and hands-on approach to learning make Practical C++ Programming a nearly painless way to master this complex but powerful programming language.